scene-replace
AdvisoryAudited by VirusTotal on Apr 27, 2026.
Overview
Type: OpenClaw Skill Name: flyelep-scene-replace Version: 1.0.2 The skill is a standard API wrapper for an image background replacement service hosted at flyelep.cn. It includes clear instructions for the AI agent, follows security best practices by advising against hardcoding API keys, and lacks any indicators of data exfiltration, malicious execution, or harmful prompt injection. All logic is consistent with the stated purpose of image processing via the Flyelep AI Tool API.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
User-provided image links and scene instructions will be processed by Flyelep’s service.
The skill instructs the agent to make an external HTTP POST request to Flyelep with image URLs and prompt parameters; this is central to the stated scene-replacement purpose and is clearly disclosed.
URL: `POST https://www.flyelep.cn/prod-api/poster-design/api/v1/poster/aiTool/sceneReplace`
Use the skill only with images and prompts you are comfortable sending to Flyelep, and verify the source and reference image URLs before invocation.
If the API key is mishandled, someone could potentially use the user’s Flyelep account quota or access tied to that key.
The skill requires a user-supplied Flyelep API key in the request header. This is expected for the provider API and the artifact warns not to hardcode or persist the key.
所有 AI 工具接口均需在请求头中传入 `secretKey`。该密钥需由用户在 Flyelep 开放平台申请获得
Provide the secretKey only at runtime, do not store it in shared files, and revoke or rotate it if it may have been exposed.